Lucene search
K

73 matches found

ATTACKERKB
ATTACKERKB
added 2021/12/07 6:15 p.m.3 views

CVE-2021-43175

The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that accepts a username, password, and action that routes to other PHP files that implement the various API functions. Vulnerable versions of GOautodial validate the username and password incorrectly,...

7.5CVSS7.2AI score0.01161EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2021/12/07 6:15 p.m.20 views

CVE-2021-43175

The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that accepts a username, password, and action that routes to other PHP files that implement the various API functions. Vulnerable versions of GOautodial validate the username and password incorrectly,...

7.5CVSS0.01161EPSS
Exploits1References1
Prion
Prion
added 2021/12/07 6:15 p.m.16 views

Design/Logic Flaw

The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 takes a user-supplied “action” parameter and appends a .php file extension to locate and load the correct PHP file to implement the API call. Vulnerable versions of GOautodial do not sanitize the user input that specifies the...

6.5CVSS7.8AI score0.01312EPSS
Exploits2References1Affected Software2
Prion
Prion
added 2021/12/07 6:15 p.m.18 views

Default credentials

The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that accepts a username, password, and action that routes to other PHP files that implement the various API functions. Vulnerable versions of GOautodial validate the username and password incorrectly,...

5CVSS8.3AI score0.01161EPSS
Exploits1References1Affected Software2
Cvelist
Cvelist
added 2021/12/07 5:26 p.m.26 views

CVE-2021-43176

The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 takes a user-supplied “action” parameter and appends a .php file extension to locate and load the correct PHP file to implement the API call. Vulnerable versions of GOautodial do not sanitize the user input that specifies the...

8.2AI score0.01312EPSS
Exploits1References1
CVE
CVE
added 2021/12/07 5:26 p.m.48 views

CVE-2021-43176

The CVE-2021-43176 entry describes a GOautodial API vulnerability: prior to commit 3c3a979 (Oct 13, 2021), the API accepts a user-supplied action parameter and appends .php to locate/load a PHP file, without sanitizing the action input. This allows an attacker to execute any PHP source file prese...

8.8CVSS7.8AI score0.01312EPSS
Exploits1References1Affected Software2
CVE
CVE
added 2021/12/07 5:25 p.m.45 views

CVE-2021-43175

Summary (technical): GOautodial API before commit 3c3a979 (Oct 13, 2021) exposes a router that takes username, password, and an action to dispatch to PHP files. In vulnerable versions, credentials are not validated properly, letting callers specify arbitrary values and authenticate. Separate but ...

7.5CVSS8.3AI score0.01161EPSS
Exploits1References1Affected Software2
Cvelist
Cvelist
added 2021/12/07 5:25 p.m.22 views

CVE-2021-43175

The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that accepts a username, password, and action that routes to other PHP files that implement the various API functions. Vulnerable versions of GOautodial validate the username and password incorrectly,...

8.2AI score0.01161EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/12/07 12:0 a.m.4 views

GOautodial 路径遍历漏洞

GOautodial is a next-generation open source omnichannel contact center suite. GOautodial suffers from a security vulnerability that stems from the software taking a user-supplied action parameter and attaching a php file extension to locate and load the correct PHP file, but not filtering and...

8.8CVSS8AI score0.01312EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/12/07 12:0 a.m.4 views

GOautodial 授权问题漏洞

GOautodial is a next-generation open source omnichannel contact center suite. Goautodial suffers from an authorization issue vulnerability that arises when the API in the software does not properly validate usernames and passwords, allowing callers to specify any value for a parameter and...

7.5CVSS7.5AI score0.01161EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2021/12/07 12:0 a.m.3 views

PT-2021-23760 · Unknown · Goautodial

Name of the Vulnerable Software and Affected Versions: GOautodial versions prior to commit 3c3a979 Description: The issue concerns incorrect validation of the username and password parameters in the API router, allowing for successful authentication with any specified values. Recommendations: For...

7.5CVSS7.8AI score0.01161EPSS
Exploits1References4
Exploit DB
Exploit DB
added 2020/10/21 12:0 a.m.840 views

GOautodial 4.0 - Authenticated Shell Upload

Exploit Title: GOautodial 4.0 - Authenticated Shell Upload Author: Balzabu Discovery Date: 07-23-2020 Vendor Homepage: https://goautodial.org/ Software Link: https://goautodial.org/GOautodial-4-x8664-Final-20191010-0150.iso.html Tested Version: 4.0 Last relase as of today Tested on OS: CentOS 7...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/21 12:0 a.m.726 views

GOautodial 4.0 Shell Upload

Exploit Title: GOautodial 4.0 - Authenticated Shell Upload Author: Balzabu Discovery Date: 07-23-2020 Vendor Homepage: https://goautodial.org/ Software Link: https://goautodial.org/GOautodial-4-x8664-Final-20191010-0150.iso.html Tested Version: 4.0 Last relase as of today Tested on OS: CentOS 7...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/07/27 12:0 a.m.170 views

GOautodial 4.0 Cross Site Scripting

Exploit Title: GOautodial 4.0 - Persistent Cross-Site Scripting Authenticated Author: Balzabu Discovery Date: 2020-07-23 Vendor Homepage: https://goautodial.org/ Software Link: https://goautodial.org/GOautodial-4-x8664-Final-20191010-0150.iso.html Tested Version: 4.0 Last relase as of today Teste...

Exploits0
0day.today
0day.today
added 2020/07/26 12:0 a.m.209 views

GOautodial 4.0 - Persistent Cross-Site Scripting (Authenticated) Vulnerability

Exploit for php platform in category web applications Exploit Title: GOautodial 4.0 - Persistent Cross-Site Scripting Authenticated Author: Balzabu Vendor Homepage: https://goautodial.org/ Software Link: https://goautodial.org/GOautodial-4-x8664-Final-20191010-0150.iso.html Tested Version: 4.0 La...

Exploits0
Exploit DB
Exploit DB
added 2020/07/26 12:0 a.m.221 views

GOautodial 4.0 - Persistent Cross-Site Scripting (Authenticated)

Exploit Title: GOautodial 4.0 - Persistent Cross-Site Scripting Authenticated Author: Balzabu Discovery Date: 2020-07-23 Vendor Homepage: https://goautodial.org/ Software Link: https://goautodial.org/GOautodial-4-x8664-Final-20191010-0150.iso.html Tested Version: 4.0 Last relase as of today Teste...

7.4AI score
Exploits0
0day.today
0day.today
added 2019/09/23 12:0 a.m.42 views

GOautodial 4.0 - (CreateEvent) Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: GOautodial 4.0 - 'CreateEvent' Persistent Cross-Site Scripting Author: Cakes Vendor Homepage: https://goautodial.org/ Software Link:...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2019/09/19 12:0 a.m.134 views

GOautodial 4.0 Cross Site Scripting

Exploit Title: GOautodial 4.0 - 'CreateEvent' Persistent Cross-Site Scripting Author: Cakes Discovery Date: 2019-09-19 Vendor Homepage: https://goautodial.org/ Software Link: https://downloads2.goautodial.org/centos/7/isos/x8664/GOautodial-4-x8664-Pre-Release-20180929-0618.iso Tested Version: 4.0...

0.1AI score
Exploits0
exploitpack
exploitpack
added 2019/09/19 12:0 a.m.22 views

GOautodial 4.0 - CreateEvent Persistent Cross-Site Scripting

GOautodial 4.0 - CreateEvent Persistent Cross-Site Scripting Exploit Title: GOautodial 4.0 - 'CreateEvent' Persistent Cross-Site Scripting Author: Cakes Discovery Date: 2019-09-19 Vendor Homepage: https://goautodial.org/ Software Link:...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/19 12:0 a.m.271 views

GOautodial 4.0 - 'CreateEvent' Persistent Cross-Site Scripting

Exploit Title: GOautodial 4.0 - 'CreateEvent' Persistent Cross-Site Scripting Author: Cakes Discovery Date: 2019-09-19 Vendor Homepage: https://goautodial.org/ Software Link: https://downloads2.goautodial.org/centos/7/isos/x8664/GOautodial-4-x8664-Pre-Release-20180929-0618.iso Tested Version: 4.0...

7.4AI score
Exploits0
Rows per page
Query Builder